As the title states, if I were to perform a snapshot on one cluster and restore it to another target cluster, will it retain the .* system indices? In particular, .security, .kibana, .monitoring, .watcher-history and so forth.
If a full snapshot does do this, is there a way to exclude these without explicitly specifying all the other indices in our cluster? We have 3,000+ indices so it's not logical to necessarily specify each of them in order to exclude the rest.
A snapshot by default includes all open and started indices so yes it would include the .* indices unless you specify otherwise.
A useful way to exclude a small set of indices, rather than including a large set of indices, is to use the "-" operator (multi index syntax), as follows:
Everything except .security, .kibana, .monitoring and .watcher-history
PUT _snapshot/<repository_name>/<snapshot_name>
{
"indices": "*,-.security,-.kibana,-.monitoring,-.watcher-history",
"ignore_unavailable": true,
"include_global_state": true
}
Or, everything except indices that start with "."
PUT _snapshot/<repository_name>/<snapshot_name>
{
"indices": "*,-.*",
"ignore_unavailable": true,
"include_global_state": true
}
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.